OpenWrt
/
packages
mirror of https://git.openwrt.org/feed/packages.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

adblock: update to 0.60.0 

* "zero-conf" installation & setup, usually no manual config changes
required (i.e. ip address, network devices etc.)
* full IPv4 and IPv6 support
* new adblock list source (malwaredomainlist.com)
* adblock related statistics will be done by iptables
* removed curl dependency
* for IPv6 support you need 'kmod-ipt-nat6'
* fix Chaos Calmer compability 
* various small changes & fixes
* updated documentation
* updated maintainer email address

Signed-off-by: Dirk Brenken <dirk@brenken.org>
This commit is contained in:
Dirk Brenken 2016-01-23 22:54:01 +01:00
parent bdb599ff28
commit 75b0ded581
15 changed files with 665 additions and 695 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
net/adblock/Makefile
View File

@ -1,5 +1,5 @@
#
# Copyright (C) 2015 OpenWrt.org
# Copyright (C) 2015-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v3.
#
@ -7,10 +7,10 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=adblock
PKG_VERSION:=0.40.2
PKG_VERSION:=0.60.0
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <dirk@brenken.org>
PKG_MAINTAINER:=Dirk Brenken <openwrt@brenken.org>
include $(INCLUDE_DIR)/package.mk
@ -18,21 +18,23 @@ define Package/$(PKG_NAME)
SECTION:=net
CATEGORY:=Network
TITLE:=Powerful adblock script to block ad/abuse domains
DEPENDS:=+curl +wget
DEPENDS:=+wget
PKGARCH:=all
endef
define Package/$(PKG_NAME)/description
Powerful adblock script to block ad/abuse domains
When the dns server on your router receives dns requests, we will sort out queries that ask for the [A]
resource records of ad servers and return the local ip address of your router and the internal web server
When the dns server on your router receives dns requests, we will sort out queries that ask for the resource
records of ad/abuse servers and return the local ip address of your router and the internal web server
delivers a transparent pixel instead.
The script supports the following domain blacklist sites:
https://adaway.org
https://disconnect.me
http://dshield.org
https://feodotracker.abuse.ch
http://malwaredomains.com
http://www.malwaredomainlist.com
https://palevotracker.abuse.ch
http://www.shallalist.de
http://www.spam404.com

122
net/adblock/files/README.md
View File

@ -5,20 +5,22 @@ A lot of people already use adblocker plugins within their desktop browsers,
but what if you are using your (smart) phone, tablet, watch or any other wlan gadget...
...getting rid of annoying ads, trackers and other abuse sites (like facebook ;-) is simple: block them with your router.
When the dns server on your router receives dns requests, youll sort out queries that ask for the [A] resource records of ad servers and return the local ip address of your router and the internal web server delivers a transparent pixel instead.
When the dns server on your router receives dns requests, you will sort out queries that ask for the resource records of ad servers and return the local ip address of your router and the internal web server delivers a transparent pixel instead.
## Main Features
* support of the following domain blocklist sources (free for private usage, for commercial use please check their individual licenses):
* [adaway.org](https://adaway.org)
* => infrequent updates, approx. 400 entries
* => infrequent updates, approx. 400 entries (enabled by default)
* [disconnect.me](https://disconnect.me)
* => numerous updates on the same day, approx. 6.500 entries
* => numerous updates on the same day, approx. 6.500 entries (enabled by default)
* [dshield.org](http://dshield.org)
* => daily updates, approx. 4.500 entries
* [feodotracker.abuse.ch](https://feodotracker.abuse.ch)
* => daily updates, approx. 0-10 entries
* [malwaredomains.com](http://malwaredomains.com)
* => daily updates, approx. 16.000 entries
* [malwaredomainlist.com](http://www.malwaredomainlist.com)
* => daily updates, approx. 1.500 entries
* [palevotracker.abuse.ch](https://palevotracker.abuse.ch)
* => daily updates, approx. 15 entries
* [shallalist.de](http://www.shallalist.de) (categories "adv" "costtraps" "spyware" "tracker" "warez" enabled by default)
@ -33,93 +35,63 @@ When the dns server on your router receives dns requests, youll sort out quer
* => weekly updates, approx. 2.500 entries (enabled by default)
* [zeustracker.abuse.ch](https://zeustracker.abuse.ch)
* => daily updates, approx. 440 entries
* zero-conf like automatic installation & setup, usually no manual changes needed (i.e. ip address, network devices etc.)
* full IPv4 and IPv6 support
* each blocklist source will be updated and processed separately
* timestamp check to download and process only updated blocklists
* overall duplicate removal in separate blocklists (will be automatically disabled on low memory systems)
* blocklist parsing by fast & flexible regex rulesets
* timestamp check to download and process only updated adblock list sources
* overall duplicate removal in separate adblock lists (will be automatically disabled on low memory systems)
* adblock source list parsing by fast & flexible regex rulesets
* additional white- and blacklist support for manual overrides
* use of dynamic adblock network interface
* use of dynamic uhttpd instance as pixel server
* use of quality checks after adblocklist updates to ensure a reliable dnsmasq service
* quality checks during/after update of adblock lists to ensure a reliable dnsmasq service
* wan update check, to wait for an active wan uplink before update
* basic adblock statistics via iptables packet counters
* status & error logging to stdout and syslog
* use of dynamic uhttpd instance as adblock pixel server
* optional features (disabled by default):
* powerful adblock list backup/restore handling
* wan interface check, useful for rc.local based autostart and (mobile) multiwan setups to update only on pre-defined wan interfaces
* domain query logging as a background service to easily identify free and already blocked domains (see example output below)
* adblock statistics (req. query logging)
* ntp time sync
* status & error logging to separate file (req. ntp time sync)
* adblock list backup/restore
* debug logging to separate file
## Prerequisites
* [openwrt](https://openwrt.org) (tested only with trunk > r47025), CC should also work
* additional software packages:
* curl
* wget (due to an openwrt bug still needed for certain https requests - see ticket #19621)
* optional: busybox find with *-mtime* support for logfile housekeeping (enabled by default with r47362, will be disabled if not found)
* the above dependencies and requirements will be checked during package installation & script startup, please check console output or *logread -e "adblock"* for errors
* [openwrt](https://openwrt.org), tested with latest stable release (Chaos Calmer 15.05) and with current trunk (Designated Driver > r47025)
* required software packages:
* wget
* optional for IPv6 support: kmod-ipt-nat6
* the above dependencies and requirements will be checked during package installation & script runtime, please check console output or *logread -e "adblock"* for errors
## Usage
* select & install adblock package (*opkg install adblock*)
* configure */etc/config/adblock* to your needs, see additional comments in *adblock.conf.sample*
* at least configure the ip address of the local adblock interface/uhttpd instance, it needs to be a different subnet from the normal LAN
* recommendation: there is no need to enable all blacklist sites at once, for normal use one to three lists should be sufficient
* recommendation: to handle all blacklists at once add an usb stick or any other storage device to supersize your /tmp directory with a swap partition
* install the adblock package (*opkg install adblock*)
* optional: for an update installation please replace your existing */etc/config/adblock* with a copy of */etc/samples/adblock.conf.sample* to get the latest changes
* optional: enable/disable your required adblock list sources in */etc/config/adblock* - 'adaway', 'disconnect' and 'yoyo' are enabled by default
* start */usr/bin/adblock-update.sh* and check console output or *logread -e "adblock"* for errors
## Tweaks
* there is no need to enable all blacklist sites at once, for normal use one to three adblock list sources should be sufficient
* if you really need to handle all blacklists at once add an usb stick or any other storage device to supersize your /tmp directory with a swap partition
* => see [openwrt wiki](https://wiki.openwrt.org/doc/uci/fstab) for further details
* add additional domain white- or blacklist entries, one domain per line (wildcards & regex are not allowed!), both lists are located in */etc/adblock*
* by default openwrts main uhttpd instance is bind to all ports of your router,
* for a working adblock setup you have to bind uhttpd to the standard LAN port only, please change listen_http accordingly
* start /usr/bin/adblock-update.sh and check console output or *logread -e "adblock"* for errors
* add static, personal domain white- or blacklist entries, one domain per line (wildcards & regex are not allowed!), by default both lists are located in */etc/adblock*
* enable the backup/restore feature, to restore automatically the latest, stable backup of your adblock lists in case of any processing error
* enable the debug log feature for continuous logfile writing to monitor the adblock runs over a longer period
## Distributed samples
* all sample configuration files stored in */etc/adblock/samples*
* to enable/disable additional domain query logging set the dnsmasq option *logqueries* accordingly, see *dhcp.config.sample*
* to bind uhttpd to standard LAN port only, see *uhttpd.config.sample*
* for a fully blown adblock configuration with all explained options see *adblock.conf.sample*
* for some dnsmasq tweaks see *dhcp.config.sample* and *dnsmasq.conf.sample*
* for rc.local based autostart and /tmp resizing on the fly see *rc.local.sample*
* for scheduled call of *adblock-update.sh* see *root.crontab.sample*
* to redirect/force all dns queries to your router see *firwall.user.sample*
* for further dnsmasq tweaks see *dnsmasq.conf.sample*
## Examples
## Background
This adblock package is a dns/dnsmasq based adblock solution for openwrt.
Queries to ad/abuse domains are never forwarded and always replied with a local IP address which may be IPv4 or IPv6.
For that purpose adblock uses an ip address from the old reserved [class 'E'](https://tools.ietf.org/html/rfc1700) subnet (254.0.0.1 / ::ffff:fe00:0001) by default.
Furthermore all ad/abuse queries will be filtered by ip(6)tables and redirected to internal adblock pixel server (in PREROUTING chain) or rejected (in FORWARD chain).
All iptables and uhttpd related adblock additions are non-destructive, no hard-coded changes in 'firewall.user', 'uhttpd' config or any other openwrt related config files.
adblock log file excerpt:
adblock[11780] info : domain adblock processing started (0.40.1, r47929, 20.12.2015 21:59:56)
adblock[11780] info : backup/restore will be disabled
adblock[11780] info : wan update check will be disabled
adblock[11780] info : get ntp time sync (192.168.254.254), after 0 loops
adblock[11780] info : source doesn't change, no update required (whocares)
adblock[11780] info : adblocklists with overall 11619 domains loaded, backups disabled
adblock[11780] info : adblock statistics for query date 20151220 (total: 2495, blocked: 154)
adblock[11780] info : domain adblock processing finished (0.40.1, r47929, 20.12.2015 22:00:03)
domain blocklist for dnsmasq (disconnect.me after overall duplicate removal):
address=/0000mps.webpreview.dsl.net/192.168.2.1
address=/0001.2waky.com/192.168.2.1
address=/001wen.com/192.168.2.1
address=/002it.com/192.168.2.1
address=/00game.net/192.168.2.1
[...]
address=/zzsgssxh.com/192.168.2.1
address=/zzshw.net/192.168.2.1
address=/zztxdown.com/192.168.2.1
address=/zzxcws.com/192.168.2.1
#------------------------------------------------------------------
# adblock-update.sh (0.40.0) - 3710 ad/abuse domains blocked
# source: https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
# last modified: Thu, 17 Dec 2015 09:21:17 GMT
domain query log excerpt:
query[A] www.seenby.de from fe80::6257:18ff:fe6b:4667
query[A] tarifrechner.heise.de from 192.168.1.131
query[A] www.mittelstandswiki.de from fe80::6257:18ff:fe6b:4667
query[A] ad.doubleclick.net from 192.168.1.131
ad.doubleclick.net is 192.168.2.1
The first three queries are OK (not blocked), the last one has been blocked and answered by local dnsmasq instance.
## Removal
* remove the adblock package (*opkg remove adblock*)
* remove all script generated adblock lists in */tmp/dnsmasq.d/*
* kill the running adblock uhttpd instance (ps | grep "[u]httpd.*\-h /www/adblock")
* run /etc/init.d/dnsmasq restart
* run /etc/init.d/firewall restart
Have fun!
Dirk

826
net/adblock/files/adblock-helper.sh
View File

File diff suppressed because it is too large Load Diff

274
net/adblock/files/adblock-update.sh
View File

@ -1,7 +1,7 @@
#!/bin/sh
#######################################################
# ad/abuse domain blocking script for dnsmasq/openwrt #
# written by Dirk Brenken (dirk@brenken.org) #
# written by Dirk Brenken (openwrt@brenken.org) #
#######################################################
# LICENSE
@ -25,7 +25,7 @@
# set script version
#
adb_version="0.40.2"
adb_version="0.60.0"
# get current pid, script directory and openwrt version
#
@ -39,7 +39,7 @@ if [ -r "${adb_scriptdir}/adblock-helper.sh" ]
then
. "${adb_scriptdir}/adblock-helper.sh" 2>/dev/null
else
rc=600
rc=100
/usr/bin/logger -s -t "adblock[${pid}] error" "adblock function library not found, rc: ${rc}"
exit ${rc}
fi
@ -50,7 +50,7 @@ fi
# call restore function on trap signals (HUP, INT, QUIT, BUS, SEGV, TERM)
#
trap "f_log 'trap error' '700'; f_restore" 1 2 3 10 11 15
trap "rc=255; f_log 'trap error' '${rc}'; f_restore" 1 2 3 10 11 15
# start logging
#
@ -80,71 +80,77 @@ then
adb_dnsfile="${adb_dnsdir}/${adb_dnsprefix}.${src_name}"
list_time="$(grep -F "# last modified: " "${adb_dnsfile}" 2>/dev/null)"
list_time="${list_time/*: /}"
f_log "=> (pre-)processing adblock source '${src_name}'"
# only process shallalist archive with updated timestamp
# only process shallalist archive with updated timestamp,
# extract and merge only domains of selected shallalist categories
#
shalla_time="$(curl ${curl_parm} --max-time 5 --head "${adb_arc_shalla}" 2>/dev/null | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)"
shalla_time="$(wget ${wget_parm} --timeout=5 --server-response --spider "${adb_arc_shalla}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)"
shalla_time="${shalla_time/*: /}"
if [ -z "${shalla_time}" ]
then
shalla_time="$(date)"
f_log "no online timestamp received, current date will be used (${src_name})"
f_log " no online timestamp received, current date will be used"
fi
if [ -z "${list_time}" ] || [ "${list_time}" != "${shalla_time}" ]
then
f_log "shallalist (pre-)processing started ..."
curl ${curl_parm} --max-time "${adb_maxtime}" "${adb_arc_shalla}" --output "${shalla_archive}" 2>/dev/null
wget ${wget_parm} --timeout="${adb_maxtime}" --tries=1 --output-document="${shalla_archive}" "${adb_arc_shalla}" 2>/dev/null
rc=${?}
if [ $((rc)) -ne 0 ]
if [ $((rc)) -eq 0 ]
then
f_log "source download failed (${src_name})" "${rc}"
f_restore
fi
> "${shalla_file}"
for category in ${adb_cat_shalla}
do
tar -xOzf "${shalla_archive}" BL/${category}/domains 2>/dev/null >> "${shalla_file}"
rc=${?}
if [ $((rc)) -ne 0 ]
then
f_log " archive extraction failed (${category})"
break
fi
done
# extract and merge only domains of selected shallalist categories
#
> "${shalla_file}"
for category in ${adb_cat_shalla}
do
tar -xOzf "${shalla_archive}" BL/${category}/domains 2>/dev/null >> "${shalla_file}"
rc=${?}
if [ $((rc)) -ne 0 ]
# remove temporary files
#
rm -f "${shalla_archive}" >/dev/null 2>&1
rm -rf "${adb_tmpdir}/BL" >/dev/null 2>&1
if [ $((rc)) -eq 0 ]
then
f_log "source archive extraction failed (${category})" "${rc}"
f_restore
adb_sources="${adb_sources} ${shalla_file}&ruleset=rset_shalla"
f_log " source archive (pre-)processing finished"
else
rc=0
fi
done
# remove temporary files
#
rm -f "${shalla_archive}" >/dev/null 2>&1
rm -rf "${adb_tmpdir}/BL" >/dev/null 2>&1
else
f_log " source archive download failed"
rc=0
fi
else
adb_srcfind="! -name ${adb_dnsprefix}.${src_name}"
f_log " source archive doesn't change, no update required"
fi
adb_sources="${adb_sources} file:///${shalla_file}&ruleset=rset_shalla"
fi
# add blacklist source to active adblock domain sources
#
if [ -n "${adb_sources}" ] && [ -s "${adb_blacklist}" ]
if [ -s "${adb_blacklist}" ]
then
adb_sources="${adb_sources} file://${adb_blacklist}&ruleset=rset_blacklist"
adb_sources="${adb_sources} ${adb_blacklist}&ruleset=rset_blacklist"
fi
# loop through active adblock domain sources,
# prepare output and store all extracted domains in temp file
# download sources, prepare output and store all extracted domains in temp file
#
for src in ${adb_sources}
do
# download selected adblock sources
#
url="${src/\&ruleset=*/}"
check_url="$(printf "${url}" | sed -n '/^https:/p' 2>/dev/null)"
src_name="${src/*\&ruleset=rset_/}"
adb_dnsfile="${adb_dnsdir}/${adb_dnsprefix}.${src_name}"
list_time="$(grep -F "# last modified: " "${adb_dnsfile}" 2>/dev/null)"
list_time="${list_time/*: /}"
f_log "=> processing adblock source '${src_name}'"
# prepare find statement for all active adblocklist sources
# prepare find statement with active adblock list sources
#
if [ -z "${adb_srcfind}" ]
then
@ -153,47 +159,40 @@ do
adb_srcfind="${adb_srcfind} -a ! -name ${adb_dnsprefix}.${src_name}"
fi
# wget/curl switch
# only download blocklist with newer/updated timestamp
# only download adblock list with newer/updated timestamp
#
if [ -n "${check_url}" ]
if [ "${src_name}" = "blacklist" ]
then
url_time="$(date -r "${adb_blacklist}" 2>/dev/null)"
elif [ "${src_name}" = "shalla" ]
then
url_time="${shalla_time}"
else
url_time="$(wget ${wget_parm} --timeout=5 --server-response --spider "${url}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)"
url_time="${url_time/*: /}"
if [ -z "${url_time}" ]
fi
if [ -z "${url_time}" ]
then
url_time="$(date)"
f_log " no online timestamp received, current date will be used"
fi
if [ -z "${list_time}" ] || [ "${list_time}" != "${url_time}" ]
then
if [ "${src_name}" = "blacklist" ]
then
url_time="$(date)"
f_log "no online timestamp received, current date will be used (${src_name})"
fi
if [ -z "${list_time}" ] || [ "${list_time}" != "${url_time}" ]
tmp_domains="$(cat "${adb_blacklist}" 2>/dev/null)"
rc=${?}
elif [ "${src_name}" = "shalla" ]
then
tmp_domains="$(cat "${shalla_file}" 2>/dev/null)"
rc=${?}
else
tmp_domains="$(wget ${wget_parm} --timeout="${adb_maxtime}" --tries=1 --output-document=- "${url}" 2>/dev/null)"
rc=${?}
else
f_log "source doesn't change, no update required (${src_name})"
continue
fi
else
if [ "${src_name}" = "shalla" ]
then
url_time="${shalla_time}"
else
url_time="$(curl ${curl_parm} --max-time 5 --head "${url}" 2>/dev/null | grep -F "Last-Modified: " | tr -d '\r')"
url_time="${url_time/*: /}"
fi
if [ -z "${url_time}" ]
then
url_time="$(date)"
f_log "no online timestamp received, current date will be used (${src_name})"
fi
if [ -z "${list_time}" ] || [ "${list_time}" != "${url_time}" ]
then
tmp_domains="$(curl ${curl_parm} --max-time "${adb_maxtime}" "${url}" 2>/dev/null)"
rc=${?}
else
f_log "source doesn't change, no update required (${src_name})"
continue
fi
f_log " source doesn't change, no update required"
continue
fi
# check download result and prepare domain output by regex patterns
@ -202,7 +201,7 @@ do
then
eval "$(printf "${src}" | sed 's/\(.*\&ruleset=\)/ruleset=\$/g')"
count="$(printf "%s\n" "${tmp_domains}" | tr '[A-Z]' '[a-z]' | eval "${ruleset}" | tee "${adb_tmpfile}" | wc -l)"
f_log "source download finished (${url}, ${count} entries)"
f_log " source download finished (${count} entries)"
if [ "${src_name}" = "shalla" ]
then
rm -f "${shalla_file}" >/dev/null 2>&1
@ -210,11 +209,12 @@ do
unset tmp_domains
elif [ $((rc)) -eq 0 ] && [ -z "${tmp_domains}" ]
then
f_log "empty source download finished (${src_name})"
f_log " empty source download finished"
continue
else
f_log "source download failed (${src_name})" "${rc}"
f_restore
f_log " source download failed"
rc=0
continue
fi
# remove whitelist domains, sort domains and make them unique,
@ -231,7 +231,7 @@ do
rc=${?}
fi
# prepare find statement for revised adblocklist sources
# prepare find statement with revised adblock list sources
#
if [ -z "${adb_revsrcfind}" ]
then
@ -240,35 +240,43 @@ do
adb_revsrcfind="${adb_revsrcfind} -o -name ${adb_dnsprefix}.${src_name}"
fi
# write preliminary adblocklist footer
# write preliminary adblock list footer
#
if [ $((rc)) -eq 0 ]
then
count="$(wc -l < "${adb_dnsdir}/${adb_dnsprefix}.${src_name}")"
if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]
then
count="$(($(wc -l < "${adb_dnsdir}/${adb_dnsprefix}.${src_name}") / 2))"
else
count="$(wc -l < "${adb_dnsdir}/${adb_dnsprefix}.${src_name}")"
fi
printf "%s\n" "#------------------------------------------------------------------" >> "${adb_dnsfile}"
printf "%s\n" "# ${0##*/} (${adb_version}) - ${count} ad/abuse domains blocked" >> "${adb_dnsfile}"
printf "%s\n" "# source: ${url}" >> "${adb_dnsfile}"
printf "%s\n" "# last modified: ${url_time}" >> "${adb_dnsfile}"
f_log "domain merging finished (${src_name})"
f_log " domain merging finished"
else
f_log "domain merging failed (${src_name})" "${rc}"
f_log " domain merging failed" "${rc}"
f_restore
fi
else
f_log "empty domain input received (${src_name})"
f_log " empty domain input received"
continue
fi
done
# remove old adblocklists and their backups
# remove old adblock lists and their backups
#
if [ -n "${adb_srcfind}" ]
then
find "${adb_dnsdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" \( ${adb_srcfind} \) -exec rm -f "{}" \; 2>/dev/null
if [ $((rc)) -ne 0 ]
adb_rmfind="$(find "${adb_dnsdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" \( ${adb_srcfind} \) -print -exec rm -f "{}" \; 2>/dev/null)"
if [ $((rc)) -eq 0 ] && [ -n "${adb_rmfind}" ]
then
f_log "error during removal of old adblocklists" "${rc}"
f_remove
f_log "no longer used adblock lists removed" "${rc}"
elif [ $((rc)) -ne 0 ]
then
f_log "error during removal of old adblock lists" "${rc}"
f_exit
fi
if [ "${backup_ok}" = "true" ]
then
@ -276,7 +284,7 @@ then
if [ $((rc)) -ne 0 ]
then
f_log "error during removal of old backups" "${rc}"
f_remove
f_exit
fi
fi
else
@ -284,19 +292,19 @@ else
if [ "${backup_ok}" = "true" ]
then
rm -f "${adb_backupdir}/${adb_dnsprefix}."* >/dev/null 2>&1
f_log "all available adblocklists and backups removed"
f_log "all available adblock lists and backups removed"
else
f_log "all available adblocklists removed"
f_log "all available adblock lists removed"
fi
fi
# make separate adblocklists unique
# make separate adblock lists unique
#
if [ $((adb_unique)) -eq 1 ]
then
if [ -n "${adb_revsrcfind}" ]
then
f_log "remove duplicates in separate adblocklists ..."
f_log "remove duplicates in separate adblock lists"
# generate a temporary, unique overall list
#
@ -320,7 +328,12 @@ then
# write final adblocklist footer
#
count="$(wc -l < "${adb_dnsdir}/tmp.${list}")"
if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]
then
count="$(($(wc -l < "${adb_dnsdir}/tmp.${list}") / 2))"
else
count="$(wc -l < "${adb_dnsdir}/tmp.${list}")"
fi
printf "%s\n" "#------------------------------------------------------------------" >> "${adb_dnsdir}/tmp.${list}"
printf "%s\n" "# ${0##*/} (${adb_version}) - ${count} ad/abuse domains blocked" >> "${adb_dnsdir}/tmp.${list}"
tail -qn -2 "${adb_dnsdir}/$adb_dnsprefix.${list}" 2>/dev/null >> "${adb_dnsdir}/tmp.${list}"
@ -330,49 +343,62 @@ then
fi
fi
# restart dnsmasq with newly generated block lists
# get overall count
#
/etc/init.d/dnsmasq restart >/dev/null 2>&1
sleep 3
# dnsmasq health check
#
dns_status="$(logread -l 20 -e "dnsmasq" -e "FAILED to start up" 2>/dev/null)"
if [ -z "${dns_status}" ]
if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]
then
dns_status="$(nslookup "${adb_domain}" 2>/dev/null | grep -F "${adb_ip}" 2>/dev/null)"
if [ -z "${dns_status}" ]
adb_count="$(($(head -qn -4 "${adb_dnsdir}/${adb_dnsprefix}."* 2>/dev/null | wc -l) / 2))"
else
adb_count="$(head -qn -4 "${adb_dnsdir}/${adb_dnsprefix}."* 2>/dev/null | wc -l)"
fi
# restart dnsmasq with newly generated or deleted adblock lists,
# check dnsmasq startup afterwards
#
if [ -n "${adb_revsrcfind}" ] || [ -n "${adb_rmfind}" ]
then
/etc/init.d/dnsmasq restart >/dev/null 2>&1
sleep 2
dns_status="$(ps 2>/dev/null | grep "[d]nsmasq" 2>/dev/null)"
if [ -n "${dns_status}" ]
then
adb_count="$(head -qn -4 "${adb_dnsdir}/${adb_dnsprefix}."* 2>/dev/null | wc -l)"
if [ "${backup_ok}" = "true" ]
then
if [ -n "${adb_revsrcfind}" ]
then
find "${adb_dnsdir}" -maxdepth 1 -type f \( ${adb_revsrcfind} \) -exec cp -f "{}" "${adb_backupdir}" \; 2>/dev/null
rc=${?}
if [ $((rc)) -ne 0 ]
then
f_log "error during backup of adblocklists" "${rc}"
f_remove
fi
f_log "adblocklists with overall ${adb_count} domains loaded, new backups generated"
else
f_log "adblocklists with overall ${adb_count} domains loaded, no new backups"
fi
else
f_log "adblocklists with overall ${adb_count} domains loaded, backups disabled"
fi
f_log "adblock lists with overall ${adb_count} domains loaded"
else
rc=605
f_log "nslookup probe failed" "${rc}"
rc=105
f_log "dnsmasq restart failed, please check 'logread' output" "${rc}"
f_restore
fi
else
rc=610
f_log "dnsmasq probe failed" "${rc}"
f_restore
f_log "adblock lists with overall ${adb_count} domains are still valid, no dnsmasq restart required"
fi
# create adblock list backups
#
if [ "${backup_ok}" = "true" ] && [ "$(printf "${adb_dnsdir}/${adb_dnsprefix}."*)" != "${adb_dnsdir}/${adb_dnsprefix}.*" ]
then
for file in ${adb_dnsdir}/${adb_dnsprefix}.*
do
filename="${file##*/}"
if [ ! -f "${adb_backupdir}/${filename}" ] || [ "${file}" -nt "${adb_backupdir}/${filename}" ]
then
cp -pf "${file}" "${adb_backupdir}" 2>/dev/null
rc=${?}
if [ $((rc)) -ne 0 ]
then
f_log "error during backup of adblock list (${filename})" "${rc}"
f_exit
fi
backup_done="true"
fi
done
if [ "${backup_done}" = "true" ]
then
f_log "new adblock list backups generated"
else
f_log "adblock list backups are still valid, no new backups required"
fi
fi
# remove temporary files and exit
#
f_remove
f_exit

1
net/adblock/files/adblock.blacklist
View File

@ -1 +0,0 @@

29
net/adblock/files/adblock.conf
View File

@ -1,20 +1,8 @@
# adblock configuration, for further information
# please read /etc/adblock/samples/adblock.conf.sample
# and /etc/adblock/README.md
#
config adblock "global"
option adb_ip "192.168.2.1"
option adb_domain "heise.de"
option adb_blacklist "/etc/adblock/adblock.blacklist"
option adb_whitelist "/etc/adblock/adblock.whitelist"
config service "wancheck"
option enabled "0"
list adb_wanlist "wan"
config service "ntpcheck"
option enabled "0"
config service "backup"
option enabled "0"
option adb_backupdir "/tmp"
@ -23,17 +11,12 @@ config service "debuglog"
option enabled "0"
option adb_logfile "/tmp/adb_debug.log"
config service "querylog"
option enabled "0"
option adb_queryfile "/tmp/adb_query.log"
option adb_queryhistory "1"
config source "adaway"
option enabled "0"
option enabled "1"
option adb_src_adaway "https://adaway.org/hosts.txt&ruleset=rset_adaway"
config source "disconnect"
option enabled "0"
option enabled "1"
option adb_src_disconnect "https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt&ruleset=rset_disconnect"
config source "dshield"
@ -46,7 +29,11 @@ config source "feodo"
config source "malware"
option enabled "0"
option adb_src_malware "http://mirror1.malwaredomains.com/files/justdomains&ruleset=rset_malware"
option adb_src_malware "https://mirror.cedia.org.ec/malwaredomains/justdomains&ruleset=rset_malware"
config source "malwarelist"
option enabled "0"
option adb_src_malwarelist "http://www.malwaredomainlist.com/hostslist/hosts.txt&ruleset=rset_malwarelist"
config source "palevo"
option enabled "0"

1
net/adblock/files/adblock.whitelist
View File

@ -1 +0,0 @@

73
net/adblock/files/samples/adblock.conf.sample
View File

@ -1,18 +1,30 @@
# adblock configuration, for further information
# please read /etc/adblock/samples/adblock.conf.sample
# please see /etc/adblock/samples/adblock.conf.sample
# and /etc/adblock/README.md
#
# generic options (always required)
#
# generic options (all optional!)
config adblock "global"
# ip address of the local adblock interface/uhttpd instance,
# needs to be a different subnet from the normal LAN
option adb_ip "192.168.2.1"
# name (or space separated list of names) of the logical wan interface(s)
option adb_wanif "wan"
# name of an "always accessible" domain,
# this domain will be used for the final nslookup check
option adb_domain "heise.de"
# name of the logical lan interface
option adb_lanif "lan"
# uhttpd port for adblock instance
option adb_port "65535"
# ipv4 blackhole ip address for dnsmasq
# old class 'E' subnet, reserved for future use (certainly not used in normal setups)
option adb_nullipv4 "254.0.0.1"
# ipv6 mapped blackhole ip address for dnsmasq
option adb_nullipv6 "::ffff:fe00:0001"
# download timeout (in seconds) to get the adblock list sources
option adb_maxtime "60"
# max loops/timeout for wan check
option adb_maxloop "20"
# full path to static domain blacklist file (one domain per line)
# wildcards or regex expressions are not allowed
@ -22,20 +34,6 @@ config adblock "global"
# wildcards or regex expressions are not allowed
option adb_whitelist "/etc/adblock/adblock.whitelist"
# list of wan devices that are allowed for adblock updates (check /sys/class/net/<dev>),
# if no one found the last adlist backup will be restored,
# useful only for (mobile) multiwan setups
# disabled by default
config service "wancheck"
option enabled "0"
list adb_wanlist "wan"
# check that ntp has adjusted the system time on this device,
# will be used for logfile writing and logfile housekeeping
# disabled by default
config service "ntpcheck"
option enabled "0"
# full path to backup directory for adlist backups
# disabled by default
config service "backup"
@ -43,32 +41,23 @@ config service "backup"
option adb_backupdir "/tmp"
# full path to debug logfile
# by default adblock logs to syslog and stdout only
# normally adblock logs to syslog and stdout only
# disabled by default
config service "debuglog"
option enabled "0"
option adb_logfile "/tmp/adb_debug.log"
# full path to domain query logfile
# a background task will trace every dns request to file, to easily identify free and already blocked domains,
# for this to work, you've to enable the dnsmasq option "logqueries" too.
# the "queryhistory" option deletes query logfiles older than n days (req. busybox find with mtime support)
# disabled by default
config service "querylog"
option enabled "0"
option adb_queryfile "/tmp/adb_query.log"
option adb_queryhistory "1"
# different adblock list sources
# please do not change the urls listed below,
# adblock list source definition
# please do not change the URLs listed below,
# enable/disable sources as needed
# for shallalist you can also enable/disable different ad categories
# 'adaway', 'disconnect' and 'yoyo' are enabled by default
config source "adaway"
option enabled "0"
option enabled "1"
option adb_src_adaway "https://adaway.org/hosts.txt&ruleset=rset_adaway"
config source "disconnect"
option enabled "0"
option enabled "1"
option adb_src_disconnect "https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt&ruleset=rset_disconnect"
config source "dshield"
@ -81,7 +70,11 @@ config source "feodo"
config source "malware"
option enabled "0"
option adb_src_malware "http://mirror1.malwaredomains.com/files/justdomains&ruleset=rset_malware"
option adb_src_malware "https://mirror.cedia.org.ec/malwaredomains/justdomains&ruleset=rset_malware"
config source "malwarelist"
option enabled "0"
option adb_src_malwarelist "http://www.malwaredomainlist.com/hostslist/hosts.txt&ruleset=rset_malwarelist"
config source "palevo"
option enabled "0"

2
net/adblock/files/samples/dhcp.config.sample
View File

@ -4,4 +4,4 @@
config dnsmasq
option cachesize '1000'
option filterwin2k '0'
option logqueries '1'

2
net/adblock/files/samples/dnsmasq.conf.sample
View File

@ -1,4 +1,4 @@
# tell DHCP clients to not ask for proxy information
# tell DHCP clients not to ask for proxy information
# some clients - like Win7 - will constantly ask if not told "No!"
# configuration found in /etc/dnsmasq
#

5
net/adblock/files/samples/firewall.user.sample
View File

@ -1,5 +0,0 @@
# redirect/force all dns queries to port 53 of your router
# configuration found in /etc/firewall.user
#
iptables -t nat -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53

3
net/adblock/files/samples/root.crontab.sample
View File

@ -2,7 +2,6 @@
# configuration found in /etc/crontabs/root
#
# start adblock script twice a day
# start adblock script once a day at 6 o'clock
#
0 06 * * * /usr/bin/adblock-update.sh &
0 22 * * * /usr/bin/adblock-update.sh &

4
net/adblock/files/samples/uhttpd.config.sample
View File

@ -1,4 +0,0 @@
# main uhttpd instance listens only to internal LAN
#
config uhttpd 'main'
list listen_http '192.168.1.1:80'

2
net/adblock/files/www/adblock/adblock.html
View File

@ -1,6 +1,6 @@
<html>
<head></head>
<body>
<img src="/adblock.png" border=0 alt=""></img>
<img src="/adblock.png" border="0" alt=""></img>
</body>
</html>

2
net/adblock/files/www/adblock/index.html
View File

@ -1,6 +1,6 @@
<html>
<head></head>
<body>
<img src="/adblock.png" border=0 alt=""></img>
<img src="/adblock.png" border="0" alt=""></img>
</body>
</html>